<?php /* Start the session before any output is sent; $_SESSION['theerrcode'] is written further down before redirecting to the login-error page. */ session_start(); ?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>
<title>Parent Informer RCSHS - Settings Lobby</title>
<link rel=stylesheet href="../../css-layouts/themes/defaulttheme.css" type="text/css">
<link rel=stylesheet href="../../css-layouts/headlinks.css" type="text/css">
</head>

<body>
<div id="mainhead"><br><br><br></div>
<br>

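<?php

 /*
  * Settings save handler.
  *
  * Authenticates the caller from the two login cookies, then writes the
  * posted settings (and optionally a new password and/or username) to logtbl.
  * Which columns are written depends on the account's `priv` value.
  *
  * Hardening applied in this block:
  *  - Every request value (POST fields and the username cookie) is escaped
  *    with mysql_real_escape_string() before it is placed in a SQL string.
  *    The original concatenated them raw, which allowed SQL injection.
  *  - Every redirect is followed by exit, so a failed check can no longer
  *    fall through to the UPDATE statements.
  *  - Credential comparisons use ===/!== so that a missing value or a
  *    numeric-looking hash cannot compare equal through type juggling.
  *
  * Still open, left for a follow-up because fixing them touches other pages:
  *  - NOTE(review): the mysql_* extension is removed in PHP 7; prepared
  *    statements via PDO or mysqli are the durable fix. Until then the
  *    escaping is only reliable if the connection charset is set with
  *    mysql_set_charset().
  *  - NOTE(review): header() and setcookie() run after this file has
  *    already emitted HTML, so they only take effect when output buffering
  *    is enabled - confirm the server configuration.
  *  - NOTE(review): the password cookie is compared directly with the
  *    stored pwrnd column, so the stored value itself works as a login
  *    token. A server-side session and password_hash()/password_verify()
  *    would remove that equivalence.
  *  - NOTE(review): no anti-CSRF token is checked before these writes.
  *  - NOTE(review): die(mysql_error()) prints database error text to the
  *    browser; logging it and showing a generic message discloses less.
  */

 require_once('../lib/sha256.php');
 require_once("../../sqlconfig.php");

 mysql_connect($server, $sqlusr, $sqlpass) or die(mysql_error());
 mysql_select_db($mydb) or die(mysql_error());

 //Checks if there is a login cookie
 if(isset($_COOKIE["parentinformerprcshs"]) || isset($_COOKIE["parentinformerurcshs"])) {

  // Both cookies must be present and must be plain strings (PHP turns
  // "name[]" cookies into arrays). Anything else is a failed login attempt.
  if(!isset($_COOKIE["parentinformerprcshs"]) || !is_string($_COOKIE["parentinformerprcshs"])
     || !isset($_COOKIE["parentinformerurcshs"]) || !is_string($_COOKIE["parentinformerurcshs"])) {
   $_SESSION['theerrcode'] = 2;
   header("Location: ../logerr_atmpt.php");
   exit;
  }

  $username = $_COOKIE["parentinformerprcshs"];
  $pass = $_COOKIE["parentinformerurcshs"];

  // Escaped once here and reused in every WHERE clause below.
  // Must come after mysql_connect(): the escaper uses the open link.
  $sqluser = mysql_real_escape_string($username);

  // Escape every settings field up front; a missing or non-string field
  // is stored as an empty string, which is what the unescaped code wrote
  // for a missing field.
  $strtosql = array();
  foreach(array('mailadd', 'thm', 'pgr', 'mnt', 'subjdept') as $fld) {
   $rawval = (isset($_POST[$fld]) && is_string($_POST[$fld])) ? $_POST[$fld] : '';
   $strtosql[$fld] = mysql_real_escape_string($rawval);
  }

  $check = mysql_query("SELECT * FROM logtbl WHERE usernm = '".$sqluser."'") or die(mysql_error());
  while($info=mysql_fetch_array($check)) {
   // Strict comparison; where PHP >= 5.6 is guaranteed, hash_equals()
   // would additionally make this constant-time.
   if ($pass!==$info['pwrnd']) {
    $_SESSION['theerrcode'] = 2;
    header("Location: ../logerr_atmpt.php");
    exit; // fail closed: never continue to the writes below
   }
   else {

    // The privilege level decides which columns this account may update.
    switch($info['priv']) {
     case 1:
      $setquery = mysql_query("UPDATE logtbl SET mailadd='".$strtosql['mailadd']."', theme='".$strtosql['thm']."', passgr='".$strtosql['pgr']."', msgdef='".$strtosql['mnt']."' WHERE usernm='".$sqluser."';") or die(mysql_error());
      break;
     case 2:
      $setquery = mysql_query("UPDATE logtbl SET mailadd='".$strtosql['mailadd']."', theme='".$strtosql['thm']."', passgr='".$strtosql['pgr']."', msgdef='".$strtosql['mnt']."', subjdept='".$strtosql['subjdept']."' WHERE usernm='".$sqluser."';") or die(mysql_error());
      break;
     case 3:
      $setquery = mysql_query("UPDATE logtbl SET mailadd='".$strtosql['mailadd']."', theme='".$strtosql['thm']."' WHERE usernm='".$sqluser."';") or die(mysql_error());
      break;
     default:
      echo "Sorry, cannot save settings";
      die();
    }

?>


<hr style="clear: both;"><br>

<center><span id="heading">SAVING SETTINGS</span></center>
<br><br>

<?php

    if($setquery) {

?>

<p align="left">

<?php

    // Optional password change: requires the current password and a
    // matching confirmation.
    if(isset($_POST['oldpwrd']) && isset($_POST['newpwrd']) && isset($_POST['confpwrd'])) {
     // The password cookie holds md5(sha256(password)), so the submitted
     // current password is put through the same chain before comparing.
     $oldhash = is_string($_POST['oldpwrd']) ? md5(sha256($_POST['oldpwrd'])) : null;

     if($oldhash === $pass && is_string($_POST['newpwrd']) && $_POST['newpwrd'] === $_POST['confpwrd']) {
      $newhash = sha256($_POST['newpwrd']);
      // NOTE(review): this stores sha256(password) while the cookie set
      // below (and compared against pwrnd at the top of this block) is
      // md5(sha256(password)) - confirm which form the login page expects.
      $passchange = mysql_query("UPDATE logtbl SET pwrnd='".mysql_real_escape_string($newhash)."' WHERE usernm='".$sqluser."';") or die(mysql_error());
      if($passchange) {
       echo "Password successfully changed.<br><br>";
       setcookie("parentinformerurcshs", md5($newhash), time()+46800, "/");
      }
     }
     else {
      echo "The passwords you have inputted does not match. Please try again.";
      break; // leaves the while loop; the success text below is skipped
     }
    }

    // Optional username change; the login cookie is updated to match.
    // NOTE(review): nothing here checks that the new name is unused -
    // confirm logtbl enforces uniqueness on usernm.
    if(isset($_POST['newusrnm']) && is_string($_POST['newusrnm'])) {
     $userchange = mysql_query("UPDATE logtbl SET usernm='".mysql_real_escape_string($_POST['newusrnm'])."' WHERE usernm='".$sqluser."';");
     if($userchange) {
      echo "Username successfully changed.<br><br>";
      setcookie("parentinformerprcshs", $_POST['newusrnm'], time()+46800, "/");
     }
    }

?>

Settings have been successfully changed. You will be redirected to<br>
the main page in 5 seconds, or click <a href="../../">here</a>.<br><br>
<img src="../../img/prgbar.gif" alt="Bar Loader">
</p>
<?php

    }
   }
  }
 }
 else {
  // No login cookies at all: send the visitor back to the main page.
  header("Location: ../../");
  exit;
 }

?>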

<div class="footnav" align=center>

<hr>

<a href="../../">Main Page</a> ||
<a href="#">Help</a> ||
<a href="../../externalaffairs/links.php">Links</a> ||
<a href="#">About</a>
<br>

<span id="copyme">
&copy; 2011 Roosevelt College Science High School. All rights reserved.
</span>

</div>

<script type="text/javascript">
<!--

/*
 Count down then redirect script 2
 By William Kemper (kemperwilliam@hotmail.com)
 For this script and more, visit http://javascriptkit.com
*/

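// Destination of the automatic redirect, relative to this page.
var redirecturl="../../";

// Delay before the redirect fires, in seconds.
var pausefor=5;

//DONE EDITING

/**
 * Stops the countdown timers when the page has defined them, then
 * navigates the browser to redirecturl.
 */
function postaction() {
 // timer and timer_2 are not defined anywhere in this file; the guard
 // keeps the function safe when they are absent.
 if (window.timer) {
  clearInterval(timer);
  clearInterval(timer_2);
 }
 window.location=redirecturl;
}

// Pass the function itself, not a code string: the string form is evaluated
// like eval() and is refused under a Content-Security-Policy that does not
// allow 'unsafe-eval'.
setTimeout(postaction,pausefor*1000);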

//-->
</script>

</body>

</html>